Solved

Modyfy code for admin

Posted on 2008-06-11
7
267 Views
Last Modified: 2012-08-14
Hello everyone,

I have a code that has been created that pulls username and sends it to the registry. I am looking at adding this to the login script of our company, the only issue is that you need to have admin rights to edit the registry.

Now we have 3 passwords here for the admin:

Username:     Administrator
Password:    Password1
Password:    Password2
Password:    Password3

Now is there a way to add this, and have an if statement for the passwords?


Thanks in advanced Experts...

-Lance
0
Comment
Question by:NTTldola
7 Comments
 

Author Comment

by:NTTldola
ID: 21764741
Sorry guys heres the code
Const HKLM = &H80000002
Dim objReg : Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "System\SHInfo"
 
UserID=WScript.CreateObject("WScript.Network").UserName
UserName=WScript.CreateObject("WScript.Network").UserName
 
oReg.SetStringValue HKLM,strKeyPath,"UserID",UserID
oReg.SetStringValue HKLM,strKeyPath,"UserName",UserName
 
Set oReg=Nothing

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 21764867
Do you have a list of devices?  And are these updates the same for all systems?

If so, you would simply loop through an arran and replace the period (.) in your GetObject statement to the computer name...run it from an admin console.

arrComputers="C:\ListOfPCs.txt"
For Each PC in arrComputers
Dim objReg : Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & PC & "\root\default:StdRegProv")

Not working code - but you get the idea...if that's an option, let me know and I can post the code for you...
0
 

Author Comment

by:NTTldola
ID: 21764902
No I don't have a list of devices, this will be placed into the login script which will then be run when the user logs in.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 67

Expert Comment

by:sirbounty
ID: 21764917
Hmm - your users won't have admin rights, so they won't be able to modify the hklm hive.
Perhaps another expert has an idea...I can't think of a 'safe' way to allow end users this access through a logon script...(unless you were able to use HKCU hive instead...?)
0
 
LVL 1

Expert Comment

by:davenport651
ID: 21773445
I thought login scripts ran as the System account not the user account.  A login script should be able to edit HKLM registry hive without granting a user any extra rights.  Have you created a test user with limited rights and deployed your script to that user to see if you get the desired effect?

Also, I don't understand what your goal is with the password lines.
0
 
LVL 29

Accepted Solution

by:
matrixnz earned 250 total points
ID: 21778963
DavenPort651
     Users = Login/Logoff Scripts - Runs using users Credentials
     Access to HKCU

     Computers = Startup/ShutDown Scripts - System Account Credentials
     Access to HKLM

NTTldola
You could use a AutoIT Script to do as you're suggested, using RunAs() however it's not secure, I mean you can't just read the password like in a batch or vb script because it's an executable but, if the users are bright enough they may be able to crack it.  AutoIT can be found here http://www.autoitscripts.com it's free to use as well.

The other method is to use a two shot method, i.e. in a startupscript use Regini to change permissions on the HKEY_LOCAL_MACHINE\System\SHInfo Key
more infor on Regini here - http://support.microsoft.com/kb/264584

Another method is to use SetACL found here - http://setacl.sourceforge.net/html/examples.html
although it's not as easy as Regini, you can modify a permission whereas with Regini the permissions are replaced not modified.

Hope that helps.

Cheers
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points
ID: 21782902
If this is on a an Active Directory LAN then use Group Policy to set permissions on those registry keys:

http://www.lockergnome.com/windows/2005/01/11/set-registry-permissions-using-group-policy/

Like it says apply this to the OU containing or above your computers (put them in an OU if needed), set the permissions then when the computers next refresh group policy they will get the registry permission change ready for the next logon.

Then the users will have access and your current script will work without any impersonation.

Steve
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question